reverse-engineering

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs creating and testing code that performs logins, exports cookies, and crafts requests (including CURL), which encourages embedding credentials or cookie values directly into code/commands and thus requires handling secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to reverse-engineer arbitrary websites by starting a browser to "read code, click buttons, etc." and extract requests/export HAR from those public sites, which exposes the agent to untrusted third-party web content that can influence subsequent tooling and actions.